Modification to (proto.h) is made to add an additional expert group type of PI_REQUEST_CODE to allow Request tag information to be passed to the expert tap. This is for such reasons where a dissector would like to echo specific information about certain types of requests. For example: NCP connection request is really a request not a REPLY_CODE. Same is true for the TCP SYN request.
Changes to packet-ncp.c
1. Server broadcast message flag. Now indicates if the message is a pending message or an oplock clear notification.
2. Cleanup of packet signature detection process. Previous method had some flaws so I redesigned it. Appears to be solid now.
3. Echo NCP Server Session information to expert tap.
Note on item #3: NCP Connection+Task = NCP Session, a Single connection can have many tasks. The server sees each connection/task as a unique session. For this reason the NCP session information is now echoed to the expert composite statistics so that you can easily identify the different NCP processes and sessions. It is important to NCP analysis to understand that each session is most likely a different program on the requesting host sharing the same NCP connection.
Changes to packet-ncp2222.inc
1. Comment out the echo of NCP connection info to expert tap. Replaced by NCP sessions.
2. Add displayEID in request decode (resolves Coverity defect for dead code in NCP dissector)
Changes to ncp2222.py
1. Fix for endian display of bindery object type in NCP 0x1720.
2. Fix for size of bindery object type to 2 bytes instead of 4 to match other bindery NCP's.
svn path=/trunk/; revision=17636
This small patch will cause the current AVP dictionary to be freed and
repopulated when relevant preferences have changed.
svn path=/trunk/; revision=17635
Please find enclosed a patch for the BGP dissector.
A 0 length IP address is valid in NLRI dissection. It just means "0/0 address".
svn path=/trunk/; revision=17634
update it to dissect it as such and create new helpers for the new structure that takes one extra guint32 at the end of the previous structure.
svn path=/trunk/; revision=17632
The code assumes Template FlowSet contains only one Template Record, which is not necessarily true. Please find attached the patch to fix it.
svn path=/trunk/; revision=17630
> This patch:
> - adds a few filterable fields (currently there are only hidden
> boolean fields for request and response).
svn path=/trunk/; revision=17629
>>>This patch:
>>>- makes it possible to turn off use of the XML AVP dictionary (which
>>>relies upon the XML lib being installed). A failed load results in 3
>>>annoying dialogs popping up the first time a diameter packet is read.
>>>Default is previous behaviour.
svn path=/trunk/; revision=17628
and if the checksum is wrong
and if the checksum field is 0x0000
mark the packet as [Checksum Offloaded] and still allow reassembly of
tcp segmetns
since it is most likely just a tco checksum offload engine and not a real checksum error
svn path=/trunk/; revision=17612
(report luns with allocation length 8 for example)
Therefore it is a bit wrong to mark these packets as [malformed packets]
Since they are truncated by scsi and this is NOTY an error condition.
Add a new exception type : ScsiBoundsError
If this exception is caught by packet-frame, then print an appropriate message
instead of [malformed packet]
For SCSI, add helper macros TRY_SCSI_SHORT_PACKET and END_...
If the packet was not short in the normal sense (snaplen < packetlen) then intercept the exception for BoundsError and rethrow it as ScsiBoundsError instead.
svn path=/trunk/; revision=17611
added another command preventallowmediaremoval besides those 3.
> enhanced packet-scsi.c a bit to decode 3 more scsi commands
>
> getperformance
> setcdspeed
> readdiscstructure.
svn path=/trunk/; revision=17610
rename binding into assoc(iation) which is the AOC name.
move the definition of sccp_assoc_t to packet-sccp.h so that information regarding sccp associations it can be used by user protocols
svn path=/trunk/; revision=17590
(The macro GET_MSG_TYPE does propper bounds checking but coverity doesn't consider it (may not be able to resolve the ?: operator) )
svn path=/trunk/; revision=17581
- Display UUID for tag #97 (Client machine identifier)
- Display UNDI major and minor version for tag #94 (Client network
interface identifier)
- Use value strings for tag #93 (Client system architecture)
The byte ordering is messed up for the GUID though.
svn path=/trunk/; revision=17541
use UTF-16 internally and GTK+ 2.x uses UTF-8, which means we have to
do a lots of conversions.
Add utf_8to16() and utf_16to8 convenience functions to strutil.c.
svn path=/trunk/; revision=17534
length_remaining could become -1 and if so the next tvb access (tvb_memcpy()) would cause an exception. not really an ethereal since it would have no ill effects in reality.
change !=0 to >0 to make it more clear what we actually test.
svn path=/trunk/; revision=17528
this if statement always evaluate to true since it is called from a single place that is only entered if the very same expression is also true there.
svn path=/trunk/; revision=17524
Update on dissector packet-scsi
* modepage processing for MMC
* support cmd Get Event Status Notification
* support cmd start stop unit for mmc
svn path=/trunk/; revision=17484
test this functionality by calling these vector insert/lookup tree functions from the nfs dissector for when filehandles are used as a key.
these vector functions could also be used to efficiently store conversations :
se_tree_key_t[6] = {
{ addr_len/4, &src_addr },
{ addr_len/4, &dst_addr },
{ 1, &src_port32 },
{ 1, &dst_port32 },
{ 1, &protocol32 },
{ 0, NULL }
}
(the nfs dissector needs a LOT of work. It is very painful to work with
very large nfs traces with all the memory it wastes (and eats) as well as how slow all the tables make it)
svn path=/trunk/; revision=17477
The M3UA I-G and -bis specify a couple of registration result codes that
the M3UA dissector doesn't currently understand. The attached patch fixes that.
svn path=/trunk/; revision=17476
Version 0.47a of eMule extends the eDonkey protocol to support files up to 256GB in length. This patch adds support for the new packet types, and changes to existing packets, used to support this.
In addition, it seems to be getting more common to use compression on the index server connection. The packets used are just like the uncompressed versions, except transmitted as a zlib compressed stream, so I've added dissection for the contents of those too.
Plus a couple of bugfixes to the UDP packet dissection.
svn path=/trunk/; revision=17475
Updated dissector packet-scsi to
* decode the device configuration mode page;
* decode the request sense response;
* fix a wrong lens print in several writeX(). this happens when one packet contains several iscsi pdu. one write data pdu will be explained as request with LEN extracted (but it is not a cdb so it was wrong).
* split the dissect_scsi_snsinfo() into 2 parts so the sense data decode part can be a subroutine shared by requestsense() and maybe more places.
svn path=/trunk/; revision=17460
There is error when ethereal dissects UMTS AMR codec info.
The "Initial Codec Mode" does not exist in 3GPP TS 26.103(v4.a.0)
but OM(Optimization Mode) is correct parameter.
svn path=/trunk/; revision=17458
libpcap. The support has already been included in libpcap.
The patch adds a new wiretap encapsulation, the necessary glue to decode
SLL-encapsulated frames, and some minor change in the LAPD dissector in order
to support the remote-to-remote frames captured on the ISDN E-Channel.
Please apply ethereal-encap-table.diff before, as it fixes a misalignment in
the encapsulation names table.
svn path=/trunk/; revision=17452
The attached patch adds support for LAPD frames captured using vISDN thru
libpcap. The support has already been included in libpcap.
The patch adds a new wiretap encapsulation, the necessary glue to decode
SLL-encapsulated frames, and some minor change in the LAPD dissector in order
to support the remote-to-remote frames captured on the ISDN E-Channel.
Please apply ethereal-encap-table.diff before, as it fixes a misalignment in
the encapsulation names table.
svn path=/trunk/; revision=17451
I know nothing about iscsi , but try the attached patch. It fix the
wrong desegmentation and the ethereal bug isn't triggered anymore.
svn path=/trunk/; revision=17445
only call subdissectors for packets that are NOT keepalives nor zerowindowprobes.
keepalives only contain garbage anyway
and zerowindowproes just contain a single byte of incomplete data so whats the point trying to dissect it further.
svn path=/trunk/; revision=17443
Use "tvb_get_ephemeral_string()" to extract a counted string into an
ep_allocated null-terminated buffer.
Constify a variable that points to packet data.
svn path=/trunk/; revision=17435
(you don't have to worry about comments in #if 0'ed otu code), and it
also fixes an unclosed comment (the commenting-out ended with /* rather
than */).
Fix up some indentation as well.
svn path=/trunk/; revision=17434
fixes the following compilation warnings (and
potential problems that may otherwise follow).
packet-per.c(796) : warning C4047: 'function' : 'struct _proto_node ** '
differs in levels of indirection from 'struct _proto_node *'
packet-per.c(796) : warning C4024: 'dissect_per_boolean' : different
types for formal and actual parameter 7
packet-per.c(796) : warning C4700: local variable 'pi' used without
having been initialized
svn path=/trunk/; revision=17427
use proto_tree_add_[u]int[8,16,24,32,64]() instread of proto_tree_add_item()
since BER integers may well be encoded in less bytes than the type requires.
(i do not think the old code with proto_tree_add_item() could have handleded negative values very well or at all.)
svn path=/trunk/; revision=17425
This patch further tightens up testing for resent packets.
It now always compares the method. I've seen examples where the called
party hangs up, and chooses the same CSeq for the BYE as the calling
party chose for the INVITE.
svn path=/trunk/; revision=17408
a patch for the VoipCalls to fix a couple of issues:
- a problem with the RTP Events (RFC2833) not been handle correctly
- Display the RTP stream in time order when the setup frame is after the
RTP stream.
- fix a init issue that caused the H245 packet to not been displayed
correctly.
svn path=/trunk/; revision=17385
a patch for the VoipCalls to fix a couple of issues:
- a problem with the RTP Events (RFC2833) not been handle correctly
- Display the RTP stream in time order when the setup frame is after the
RTP stream.
- fix a init issue that caused the H245 packet to not been displayed
correctly.
svn path=/trunk/; revision=17383
inside this expansion show
1, eth.addr so people can see that this field exists (i think it is futile to use "hidden" fields and expect people to search through the infinitely long list of fields, better show everything and they will see themself what fuields they can filter on)
2, bit 0x01 of the first byte to show if it is Multi or Uni-cast
3, bit 0x02 of the first byte to show if it is a locally administrated address or not.
I do use the (to laymen) more descriptive names "factory default" instead of LocallyAdminAddr in the true_false string though.
svn path=/trunk/; revision=17378
dont play games with lnk_t
If the preference is set to unconditionally dissect everything as docsis just call the docsis handler directly.
svn path=/trunk/; revision=17377
> The included patch fixes BFD version detection in the BFD packet
> dissector and extends it to correctly dissect version 1 packets. The
> Authentication Section part of the packet is still not dissected.
>
svn path=/trunk/; revision=17357
IEEE802.3ah-2004 (OAM) Errored Frame Seconds Summary Event TLV is not being
decoded properly. Per IEEE802.3ah-2004 section 57.5.3.4, item g, the Error
Running Total field should be 4-octets however Ethereal is trying to decode this
field as 8-octets which results in incorrect value reported for "Error Running
Total" and "Event Running Total".
svn path=/trunk/; revision=17351
Add the same workaround used in packet-ftam.c for the bad handling of the asn "IMPLICIT SEQUENCE", in the packet-gsm_map-template.c. This patch concerns Map V3 messages, not correctly decoded with the previous workaround "offset=offset+2".
Change a parameter for Provide Roaming Number decoding.
Add a decoding fonction for "Channel needed" parameter to avoid a decoding error for Paging messages
with a change to actually dissct channel needed.
svn path=/trunk/; revision=17350
pinfo->net_src and pinfo->net_dst where used to set up conversation, but
this fields are null on eap stream. use pinfo->src and pinfo->dst
instead.
The patch also enable strict checking in the 'follow ssl stream' dialog.
svn path=/trunk/; revision=17333
The attached patch should fix bug 742.
The issue is (at least, I think so...) in the packet-x509af dissector
A null pointer is passes as parameter of a " %s " format string.
svn path=/trunk/; revision=17317
Here's a tiny patch that will allow for dissecting of chunked coded HTTP
responses when there is an extension or trailing whitespace in the
Transfer-Encoding: header.
svn path=/trunk/; revision=17314
- enable the 'follow SSL stream' menu item only when a ssl packet is selected.
- when 'following' an ssl stream, show ssl decrypted data only for current conversation.
- fix a typo in ssl preference description.
svn path=/trunk/; revision=17301
- Improves ability of dissector to find conversations without seeing
whole stream.
- Fixes some issues with dissection of data which requires reassembly.
- Adds the ability to dissect jxta conversations from SCTP streams.
- Better handling of welcome message.
- Adds direct dissection of compressed SRDI data.
- Has been run through extensive fuzz testing.
- Fixes compiler warnings with previous patch 17141
svn path=/trunk/; revision=17282
the attached patch fix a couple of possible memory leak in the ssl
decryption code, add some indentation fix, more comments and add the
preference to select the debug output (missing in previous patch)
svn path=/trunk/; revision=17281
The attached patch cleanup the debug infrastructure for ssl dissector.
Debug messages are by default off and can be enabled via the ssl
dissector preference. Debug output can be directed to stderr or file.
svn path=/trunk/; revision=17253
Anders Broman